SIM-Hijacking Netflix Account Takeover Scam
Criminals hijack a victim's mobile phone number via SIM swapping to intercept Netflix password-reset SMS codes, taking over the Netflix account and the linked payment card.
Part of: SIM Hijacking and Mobile Account Takeover Scam
Last reviewed: 8 June 2026
Netflix allows account recovery via SMS sent to the phone number on record. This is a convenience feature, but it makes the account only as secure as the victim's mobile number. A successful SIM hijack against that number therefore also gives the attacker control of Netflix account recovery.
SIM hijacking — convincing a mobile carrier to transfer a victim's number to a new SIM — is typically aimed at high-value targets such as cryptocurrency holders, but attackers also run it against broad lists of email addresses, checking each account type reachable via the compromised phone number for secondary value.
Netflix accounts have real monetary value: an active subscription paid by the victim, a linked payment card for upgrades, and often saved user profiles belonging to the entire household.
How this scam works on the Netflix brand
The SIM hijack itself is the same process as with any carrier social engineering attack: the criminal researches the target's carrier, calls with the target's personal details from a data breach, claims the phone was lost or damaged, and requests a new SIM. Once the swap completes, the attacker requests a Netflix password reset, receives the SMS, and resets the password.
Netflix's account-recovery flow sends the reset link or code to the registered phone number. With the number under their control, the attacker completes the reset, changes the account email to one they control, and locks the original owner out.
In subsequent steps, the attacker may upgrade the plan, add profiles, or leave the account apparently unchanged while using it — delaying the victim's discovery. The linked payment card may also be tested on other services.
Common red flags
- Your phone loses mobile signal unexpectedly — a potential sign of a SIM swap in progress.
- You receive an unexpected Netflix password-reset SMS you did not request.
- Your Netflix account shows that your password was recently changed without your action.
- An email from Netflix confirms a password change or plan upgrade you did not authorise.
- New profiles have been created on your Netflix account that you did not add.
- Your carrier confirms a SIM swap was processed on your account that you did not authorise.
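The red flags above matter most in combination and in order: a phone-side anomaly followed shortly by account-recovery activity. The following is an added example, not part of the original page, that expresses this as a correlation rule over a timeline of events the account owner did not initiate; the event names, the 24-hour window and the sample timelines are constructed assumptions.

```python
from datetime import datetime, timedelta

# Event names are constructed labels for the red flags listed above (assumption).
PHONE_SIDE = {"signal_lost", "carrier_sim_swap"}
RECOVERY = {"reset_sms", "password_changed", "email_changed"}
AFTERMATH = {"plan_upgraded", "profile_added"}

def assess(events, window=timedelta(hours=24)):
    """Classify (ISO timestamp, event name) pairs; returns (verdict, matched)."""
    timeline = sorted((datetime.fromisoformat(ts), name) for ts, name in events)
    # Strongest pattern: a phone-side anomaly followed, within the window,
    # by account-recovery activity. Order matters: a reset that happened
    # before the number was lost cannot have been intercepted via the swap.
    for i, (t0, name) in enumerate(timeline):
        if name not in PHONE_SIDE:
            continue
        followed = [(t, n) for t, n in timeline[i + 1:]
                    if n in RECOVERY and t - t0 <= window]
        if followed:
            return "sim_swap_takeover_likely", [(t0, name)] + followed
    changed = [(t, n) for t, n in timeline if n in RECOVERY - {"reset_sms"}]
    if changed:
        # Credentials changed with no preceding phone-side signal: still a
        # takeover, but by some route other than the SIM swap.
        return "account_takeover_suspected", changed
    hits = [(t, n) for t, n in timeline if n in PHONE_SIDE | RECOVERY | AFTERMATH]
    return ("monitor", hits) if hits else ("no_pattern", [])

# Constructed sample timelines, not real data.
SWAP = [
    ("2026-06-01T09:02:00", "signal_lost"),
    ("2026-06-01T09:10:00", "reset_sms"),
    ("2026-06-01T09:12:00", "password_changed"),
    ("2026-06-01T09:15:00", "email_changed"),
    ("2026-06-03T20:00:00", "profile_added"),
]
OUT_OF_ORDER = [
    ("2026-06-01T08:00:00", "password_changed"),
    ("2026-06-02T09:00:00", "signal_lost"),
]
STRAY_SMS = [("2026-06-01T09:10:00", "reset_sms")]

if __name__ == "__main__":
    for label, tl in (("swap", SWAP), ("out_of_order", OUT_OF_ORDER), ("stray", STRAY_SMS)):
        verdict, matched = assess(tl)
        print(label, verdict, [n for _, n in matched])
```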
How to protect yourself
- Call your mobile carrier and ask them to add a port or SIM-swap protection PIN — this makes social engineering attacks harder.
- Use a unique, strong password for Netflix that you do not use on any other account.
- Set up a non-SMS recovery option for Netflix where possible — use the email recovery route and secure that email with two-factor authentication.
- Review your Netflix account's payment history and linked devices regularly at netflix.com/account.
- Check your Netflix account for unfamiliar profiles or viewing activity at least monthly.
- Consider using a Google Voice or similar number for Netflix registration if your primary number has been previously exposed in a breach.
How to report it
- Contact your mobile carrier immediately to reverse the SIM swap and restore your number.
- Report the account compromise to Netflix at netflix.com/loginhelp.
- Report the SIM hijack to the FTC at IdentityTheft.gov (US) or Action Fraud at actionfraud.police.uk (UK).
- If fraudulent charges appeared on your linked payment card, contact your card issuer immediately.
Frequently asked questions
Why would someone hijack a SIM just to access a Netflix account?
SIM hijackers often target victims for their entire phone-number-linked digital life — banking, email, crypto, and streaming accounts. Netflix may not be the primary target but is a bonus. The subscription provides free streaming and the linked card may be tested elsewhere.
Can I protect my Netflix account without two-factor authentication?
Netflix currently lacks authenticator-based 2FA. Your best defences are a unique strong password for Netflix, a secure email account as your primary recovery method, and asking your carrier for SIM-swap protection on your number.
How quickly do I need to act if I suspect a SIM swap?
Immediately. Call your carrier as soon as your phone loses service without an obvious reason. The faster you report the swap, the sooner your number can be restored and the attacker's access window closes.